tun2proxy/src/http.rs

use crate::error::Error;
use crate::tun2proxy::{
    Connection, ConnectionManager, IncomingDataEvent, IncomingDirection, OutgoingDataEvent,
    OutgoingDirection, TcpProxy,
};
use crate::Credentials;
use base64::Engine;
use smoltcp::wire::IpProtocol;
use std::collections::VecDeque;
use std::net::SocketAddr;
use std::rc::Rc;

#[derive(Eq, PartialEq, Debug)]
#[allow(dead_code)]
enum HttpState {
    SendRequest,
    ExpectStatusCode,
    ExpectResponse,
    Established,
}

pub struct HttpConnection {
    state: HttpState,
    client_inbuf: VecDeque<u8>,
    server_inbuf: VecDeque<u8>,
    client_outbuf: VecDeque<u8>,
    server_outbuf: VecDeque<u8>,
    data_buf: VecDeque<u8>,
    crlf_state: u8,
}

impl HttpConnection {
    fn new(connection: &Connection, manager: Rc<dyn ConnectionManager>) -> Self {
        let mut server_outbuf: VecDeque<u8> = VecDeque::new();
        {
            let credentials = manager.get_credentials();
            server_outbuf.extend(b"CONNECT ".iter());
            server_outbuf.extend(connection.dst.to_string().as_bytes());
            server_outbuf.extend(b" HTTP/1.1\r\nHost: ".iter());
            server_outbuf.extend(connection.dst.to_string().as_bytes());
            server_outbuf.extend(b"\r\n".iter());
            if let Some(credentials) = credentials {
                server_outbuf.extend(b"Proxy-Authorization: Basic ");
                let mut auth_plain = credentials.username.clone();
                auth_plain.extend(b":".iter());
                auth_plain.extend(&credentials.password);
                let auth_b64 = base64::engine::general_purpose::STANDARD.encode(auth_plain);
                server_outbuf.extend(auth_b64.as_bytes().iter());
                server_outbuf.extend(b"\r\n".iter());
            }
            server_outbuf.extend(b"\r\n".iter());
        }

        Self {
            state: HttpState::ExpectStatusCode,
            client_inbuf: Default::default(),
            server_inbuf: Default::default(),
            client_outbuf: Default::default(),
            server_outbuf,
            data_buf: Default::default(),
            crlf_state: Default::default(),
        }
    }

    fn state_change(&mut self) -> Result<(), Error> {
        let http_len = "HTTP/1.1 200".len();
        match self.state {
            HttpState::ExpectStatusCode if self.server_inbuf.len() > http_len => {
                let status_line: Vec<u8> =
                    self.server_inbuf.range(0..http_len + 1).copied().collect();
                let slice = &status_line.as_slice()[0.."HTTP/1.1 2".len()];
                if slice != b"HTTP/1.1 2" && slice != b"HTTP/1.0 2"
                    || self.server_inbuf[http_len] != b' '
                {
                    let status_str = String::from_utf8_lossy(&status_line.as_slice()[0..http_len]);
                    let e =
                        format!("Expected success status code. Server replied with {status_str}.");
                    return Err(e.into());
                }
                self.state = HttpState::ExpectResponse;
                return self.state_change();
            }
            HttpState::ExpectResponse => {
                let mut counter = 0usize;
                for b_ref in self.server_inbuf.iter() {
                    let b = *b_ref;
                    if b == b'\n' {
                        self.crlf_state += 1;
                    } else if b != b'\r' {
                        self.crlf_state = 0;
                    }
                    counter += 1;

                    if self.crlf_state == 2 {
                        self.server_inbuf.drain(0..counter);

                        self.server_outbuf.append(&mut self.data_buf);
                        self.data_buf.clear();

                        self.state = HttpState::Established;
                        return self.state_change();
                    }
                }

                self.server_inbuf.drain(0..counter);
            }
            HttpState::Established => {
                self.client_outbuf.extend(self.server_inbuf.iter());
                self.server_outbuf.extend(self.client_inbuf.iter());
                self.server_inbuf.clear();
                self.client_inbuf.clear();
            }
            _ => {}
        }
        Ok(())
    }
}

impl TcpProxy for HttpConnection {
    fn push_data(&mut self, event: IncomingDataEvent<'_>) -> Result<(), Error> {
        let direction = event.direction;
        let buffer = event.buffer;
        match direction {
            IncomingDirection::FromServer => {
                self.server_inbuf.extend(buffer.iter());
            }
            IncomingDirection::FromClient => {
                if self.state == HttpState::Established {
                    self.client_inbuf.extend(buffer.iter());
                } else {
                    self.data_buf.extend(buffer.iter());
                }
            }
        }

        self.state_change()
    }

    fn consume_data(&mut self, dir: OutgoingDirection, size: usize) {
        let buffer = if dir == OutgoingDirection::ToServer {
            &mut self.server_outbuf
        } else {
            &mut self.client_outbuf
        };
        buffer.drain(0..size);
    }

    fn peek_data(&mut self, dir: OutgoingDirection) -> OutgoingDataEvent {
        let buffer = if dir == OutgoingDirection::ToServer {
            &mut self.server_outbuf
        } else {
            &mut self.client_outbuf
        };
        OutgoingDataEvent {
            direction: dir,
            buffer: buffer.make_contiguous(),
        }
    }

    fn connection_established(&self) -> bool {
        self.state == HttpState::Established
    }
}

pub(crate) struct HttpManager {
    server: SocketAddr,
    credentials: Option<Credentials>,
}

impl ConnectionManager for HttpManager {
    fn handles_connection(&self, connection: &Connection) -> bool {
        connection.proto == IpProtocol::Tcp
    }

    fn new_connection(
        &self,
        connection: &Connection,
        manager: Rc<dyn ConnectionManager>,
    ) -> Result<Option<Box<dyn TcpProxy>>, Error> {
        if connection.proto != IpProtocol::Tcp {
            return Ok(None);
        }
        Ok(Some(Box::new(HttpConnection::new(connection, manager))))
    }

    fn close_connection(&self, _: &Connection) {}

    fn get_server(&self) -> SocketAddr {
        self.server
    }

    fn get_credentials(&self) -> &Option<Credentials> {
        &self.credentials
    }
}

impl HttpManager {
    pub fn new(server: SocketAddr, credentials: Option<Credentials>) -> Rc<Self> {
        Rc::new(Self {
            server,
            credentials,
        })
    }
}
move error handler to a separate module 2023-03-22 22:19:00 +08:00			`use crate::error::Error;`
Cleaning and update 2022-08-01 14:36:58 +00:00			`use crate::tun2proxy::{`
Refactor This commit moves some essential types to lib and fixes one clippy warning: https://rust-lang.github.io/rust-clippy/master/index.html#enum_variant_names 2023-03-25 13:07:39 +01:00			`Connection, ConnectionManager, IncomingDataEvent, IncomingDirection, OutgoingDataEvent,`
			`OutgoingDirection, TcpProxy,`
Cleaning and update 2022-08-01 14:36:58 +00:00			`};`
Refactor This commit moves some essential types to lib and fixes one clippy warning: https://rust-lang.github.io/rust-clippy/master/index.html#enum_variant_names 2023-03-25 13:07:39 +01:00			`use crate::Credentials;`
Implement HTTP proxy authentication 2023-03-22 10:12:32 +01:00			`use base64::Engine;`
IpProtocol values 2023-03-23 18:31:09 +08:00			`use smoltcp::wire::IpProtocol;`
Initial commit 2021-09-02 11:30:23 +02:00			`use std::collections::VecDeque;`
			`use std::net::SocketAddr;`
refine code 2023-03-23 16:31:33 +08:00			`use std::rc::Rc;`
Initial commit 2021-09-02 11:30:23 +02:00
			`#[derive(Eq, PartialEq, Debug)]`
			`#[allow(dead_code)]`
			`enum HttpState {`
			`SendRequest,`
Improve error handling 2021-09-02 21:02:17 +02:00			`ExpectStatusCode,`
Initial commit 2021-09-02 11:30:23 +02:00			`ExpectResponse,`
Cleaning and update 2022-08-01 14:36:58 +00:00			`Established,`
Initial commit 2021-09-02 11:30:23 +02:00			`}`

			`pub struct HttpConnection {`
			`state: HttpState,`
			`client_inbuf: VecDeque<u8>,`
			`server_inbuf: VecDeque<u8>,`
			`client_outbuf: VecDeque<u8>,`
			`server_outbuf: VecDeque<u8>,`
			`data_buf: VecDeque<u8>,`
Cleaning and update 2022-08-01 14:36:58 +00:00			`crlf_state: u8,`
Initial commit 2021-09-02 11:30:23 +02:00			`}`

			`impl HttpConnection {`
refine code 2023-03-23 16:31:33 +08:00			`fn new(connection: &Connection, manager: Rc<dyn ConnectionManager>) -> Self {`
Implement HTTP proxy authentication 2023-03-22 10:12:32 +01:00			`let mut server_outbuf: VecDeque<u8> = VecDeque::new();`
			`{`
			`let credentials = manager.get_credentials();`
			`server_outbuf.extend(b"CONNECT ".iter());`
			`server_outbuf.extend(connection.dst.to_string().as_bytes());`
			`server_outbuf.extend(b" HTTP/1.1\r\nHost: ".iter());`
			`server_outbuf.extend(connection.dst.to_string().as_bytes());`
			`server_outbuf.extend(b"\r\n".iter());`
Use Option type for credentials This commit applys the diff by @ssrlive from https://github.com/blechschmidt/tun2proxy/commit/3223ca4e22003fd87e90f89ce352d84d38227f2e#commitcomment-105521241. 2023-03-22 12:18:41 +01:00			`if let Some(credentials) = credentials {`
Implement HTTP proxy authentication 2023-03-22 10:12:32 +01:00			`server_outbuf.extend(b"Proxy-Authorization: Basic ");`
			`let mut auth_plain = credentials.username.clone();`
			`auth_plain.extend(b":".iter());`
			`auth_plain.extend(&credentials.password);`
			`let auth_b64 = base64::engine::general_purpose::STANDARD.encode(auth_plain);`
			`server_outbuf.extend(auth_b64.as_bytes().iter());`
			`server_outbuf.extend(b"\r\n".iter());`
			`}`
			`server_outbuf.extend(b"\r\n".iter());`
			`}`

			`Self {`
Improve error handling 2021-09-02 21:02:17 +02:00			`state: HttpState::ExpectStatusCode,`
Initial commit 2021-09-02 11:30:23 +02:00			`client_inbuf: Default::default(),`
			`server_inbuf: Default::default(),`
			`client_outbuf: Default::default(),`
Implement HTTP proxy authentication 2023-03-22 10:12:32 +01:00			`server_outbuf,`
Initial commit 2021-09-02 11:30:23 +02:00			`data_buf: Default::default(),`
Cleaning and update 2022-08-01 14:36:58 +00:00			`crlf_state: Default::default(),`
Implement HTTP proxy authentication 2023-03-22 10:12:32 +01:00			`}`
Initial commit 2021-09-02 11:30:23 +02:00			`}`

move error handler to a separate module 2023-03-22 22:19:00 +08:00			`fn state_change(&mut self) -> Result<(), Error> {`
clean code 2023-03-24 15:57:54 +08:00			`let http_len = "HTTP/1.1 200".len();`
Initial commit 2021-09-02 11:30:23 +02:00			`match self.state {`
clean code 2023-03-24 15:57:54 +08:00			`HttpState::ExpectStatusCode if self.server_inbuf.len() > http_len => {`
			`let status_line: Vec<u8> =`
			`self.server_inbuf.range(0..http_len + 1).copied().collect();`
Improve error handling 2021-09-02 21:02:17 +02:00			`let slice = &status_line.as_slice()[0.."HTTP/1.1 2".len()];`
			`if slice != b"HTTP/1.1 2" && slice != b"HTTP/1.0 2"`
clean code 2023-03-24 15:57:54 +08:00			`\|\| self.server_inbuf[http_len] != b' '`
Cleaning and update 2022-08-01 14:36:58 +00:00			`{`
clean code 2023-03-24 15:57:54 +08:00			`let status_str = String::from_utf8_lossy(&status_line.as_slice()[0..http_len]);`
move error handler to a separate module 2023-03-22 22:19:00 +08:00			`let e =`
			`format!("Expected success status code. Server replied with {status_str}.");`
			`return Err(e.into());`
Improve error handling 2021-09-02 21:02:17 +02:00			`}`
			`self.state = HttpState::ExpectResponse;`
			`return self.state_change();`
			`}`
Initial commit 2021-09-02 11:30:23 +02:00			`HttpState::ExpectResponse => {`
			`let mut counter = 0usize;`
			`for b_ref in self.server_inbuf.iter() {`
			`let b = *b_ref;`
			`if b == b'\n' {`
			`self.crlf_state += 1;`
			`} else if b != b'\r' {`
			`self.crlf_state = 0;`
			`}`
			`counter += 1;`

			`if self.crlf_state == 2 {`
			`self.server_inbuf.drain(0..counter);`

			`self.server_outbuf.append(&mut self.data_buf);`
			`self.data_buf.clear();`

			`self.state = HttpState::Established;`
Improve error handling 2021-09-02 21:02:17 +02:00			`return self.state_change();`
Initial commit 2021-09-02 11:30:23 +02:00			`}`
			`}`

			`self.server_inbuf.drain(0..counter);`
			`}`
			`HttpState::Established => {`
			`self.client_outbuf.extend(self.server_inbuf.iter());`
			`self.server_outbuf.extend(self.client_inbuf.iter());`
			`self.server_inbuf.clear();`
			`self.client_inbuf.clear();`
			`}`
Cleaning and update 2022-08-01 14:36:58 +00:00			`_ => {}`
Initial commit 2021-09-02 11:30:23 +02:00			`}`
Improve error handling 2021-09-02 21:02:17 +02:00			`Ok(())`
Initial commit 2021-09-02 11:30:23 +02:00			`}`
			`}`

			`impl TcpProxy for HttpConnection {`
move error handler to a separate module 2023-03-22 22:19:00 +08:00			`fn push_data(&mut self, event: IncomingDataEvent<'_>) -> Result<(), Error> {`
Initial commit 2021-09-02 11:30:23 +02:00			`let direction = event.direction;`
			`let buffer = event.buffer;`
			`match direction {`
			`IncomingDirection::FromServer => {`
			`self.server_inbuf.extend(buffer.iter());`
Cleaning and update 2022-08-01 14:36:58 +00:00			`}`
Initial commit 2021-09-02 11:30:23 +02:00			`IncomingDirection::FromClient => {`
			`if self.state == HttpState::Established {`
			`self.client_inbuf.extend(buffer.iter());`
			`} else {`
			`self.data_buf.extend(buffer.iter());`
			`}`
			`}`
			`}`

Improve error handling 2021-09-02 21:02:17 +02:00			`self.state_change()`
Initial commit 2021-09-02 11:30:23 +02:00			`}`

			`fn consume_data(&mut self, dir: OutgoingDirection, size: usize) {`
Cleaning and update 2022-08-01 14:36:58 +00:00			`let buffer = if dir == OutgoingDirection::ToServer {`
Initial commit 2021-09-02 11:30:23 +02:00			`&mut self.server_outbuf`
			`} else {`
			`&mut self.client_outbuf`
			`};`
			`buffer.drain(0..size);`
			`}`

			`fn peek_data(&mut self, dir: OutgoingDirection) -> OutgoingDataEvent {`
			`let buffer = if dir == OutgoingDirection::ToServer {`
			`&mut self.server_outbuf`
			`} else {`
			`&mut self.client_outbuf`
			`};`
Cleaning and update 2022-08-01 14:36:58 +00:00			`OutgoingDataEvent {`
Initial commit 2021-09-02 11:30:23 +02:00			`direction: dir,`
Cleaning and update 2022-08-01 14:36:58 +00:00			`buffer: buffer.make_contiguous(),`
			`}`
Initial commit 2021-09-02 11:30:23 +02:00			`}`
Improve error handling 2021-09-02 21:02:17 +02:00
			`fn connection_established(&self) -> bool {`
Cleaning and update 2022-08-01 14:36:58 +00:00			`self.state == HttpState::Established`
Improve error handling 2021-09-02 21:02:17 +02:00			`}`
Initial commit 2021-09-02 11:30:23 +02:00			`}`

Refactor This commit moves some essential types to lib and fixes one clippy warning: https://rust-lang.github.io/rust-clippy/master/index.html#enum_variant_names 2023-03-25 13:07:39 +01:00			`pub(crate) struct HttpManager {`
SocketAddr issues 2023-03-23 20:00:59 +08:00			`server: SocketAddr,`
Use Option type for credentials This commit applys the diff by @ssrlive from https://github.com/blechschmidt/tun2proxy/commit/3223ca4e22003fd87e90f89ce352d84d38227f2e#commitcomment-105521241. 2023-03-22 12:18:41 +01:00			`credentials: Option<Credentials>,`
Initial commit 2021-09-02 11:30:23 +02:00			`}`

			`impl ConnectionManager for HttpManager {`
			`fn handles_connection(&self, connection: &Connection) -> bool {`
switch to smoltcp dev version to support IpProtocol with Hash trait 2023-03-25 00:24:02 +08:00			`connection.proto == IpProtocol::Tcp`
Initial commit 2021-09-02 11:30:23 +02:00			`}`

Implement SOCKS5 authentication 2023-03-22 01:02:27 +01:00			`fn new_connection(`
			`&self,`
			`connection: &Connection,`
refine code 2023-03-23 16:31:33 +08:00			`manager: Rc<dyn ConnectionManager>,`
Implement SOCKS4 2023-03-25 01:39:46 +01:00			`) -> Result<Option<Box<dyn TcpProxy>>, Error> {`
switch to smoltcp dev version to support IpProtocol with Hash trait 2023-03-25 00:24:02 +08:00			`if connection.proto != IpProtocol::Tcp {`
Implement SOCKS4 2023-03-25 01:39:46 +01:00			`return Ok(None);`
Initial commit 2021-09-02 11:30:23 +02:00			`}`
Implement SOCKS4 2023-03-25 01:39:46 +01:00			`Ok(Some(Box::new(HttpConnection::new(connection, manager))))`
Initial commit 2021-09-02 11:30:23 +02:00			`}`

Make manager references immutable 2023-03-21 01:08:44 +01:00			`fn close_connection(&self, _: &Connection) {}`
Initial commit 2021-09-02 11:30:23 +02:00
			`fn get_server(&self) -> SocketAddr {`
			`self.server`
			`}`
Implement SOCKS5 authentication 2023-03-22 01:02:27 +01:00
Use Option type for credentials This commit applys the diff by @ssrlive from https://github.com/blechschmidt/tun2proxy/commit/3223ca4e22003fd87e90f89ce352d84d38227f2e#commitcomment-105521241. 2023-03-22 12:18:41 +01:00			`fn get_credentials(&self) -> &Option<Credentials> {`
Implement SOCKS5 authentication 2023-03-22 01:02:27 +01:00			`&self.credentials`
			`}`
Initial commit 2021-09-02 11:30:23 +02:00			`}`

			`impl HttpManager {`
refine code 2023-03-23 16:31:33 +08:00			`pub fn new(server: SocketAddr, credentials: Option<Credentials>) -> Rc<Self> {`
			`Rc::new(Self {`
Implement SOCKS5 authentication 2023-03-22 01:02:27 +01:00			`server,`
			`credentials,`
			`})`
Initial commit 2021-09-02 11:30:23 +02:00			`}`
Cleaning and update 2022-08-01 14:36:58 +00:00			`}`